Trends – Innovation – ITSM – IT Architecture – Requirement Analysis – Business views – Service Governance – Storage – Virtualization etc… What do I do, why do I do it, and why does everyone else do what they do? Time to reflect and this is my little pot where I share my view and others great contributions to this IT-world!

Archive

Finally… we’re pleased to announce that we now have released the Tech Preview of the EnvokeIT Workspace Client service!! 🙂

What is this and why did we build this SaaS device configuration service?

Have you also tried to roll-out Windows 10 with Azure AD and potentially also Microsoft Intune and lack capabilities like Group Polices to control registry and files or to run PowerShell scripts?

We’ve solved that for you! The EnvokeIT Workspace Client is a device configuration client built on the cloud and for the cloud! Now you have all the capabilities that you require to deliver a modern Windows 10 Out-of-the-box delivery using Azure AD!

Have a look at our “quick” overview video or just sign up for a free Tech Preview tenant and you’ll be up and running within minutes!

The service is built for Windows on Azure and leverages the latest technology to ensure that you can adopt the Windows and Azure AD architecture without lacking what you need from good old Group Policies!

Here are some examples of what the service can solve for you:

You want to remove the Windows “bloatware” for all your Windows 10 devices, no problem

If you want to specify and ensure that all your users have the same company background, you can do that!

If you need to configure application settings for all users, no problem!

Do you need to have an updated User Guides or other material easily pushed to your users desktop, no problem!

If your web applications require that they are put in Local Intranet or Trusted Sites in your browsers, then you can push that out!

Does your Windows application require specific local settings files to be pushed to the clients, no worries we’ve got you covered there as well!

Do you need to push out Microsoft Edge policies you can do that as well! For a complete list of built-in Group Policy objects that you can configure see this list.

If you need to do special configuration of the OS, applications or user settings you can do that through PowerShell scripts, you write the scripts and our agent makes sure it’s run in user or system context. Configuration possibilities are endless with PowerShell script support!

And if you need any assistance in your Windows 10, Office 365 or Enterprise Mobility Project just contact us at EnvokeIT: info@envokeit.com or send an email to me directly: richard.egenas at envokeit.com

Until now, building an application that worked with both personal and business accounts from Microsoft required integrating with two different technology stacks. Not only that, you had to have separate buttons in your app where your user needed to choose, up front, to sign-in with a personal account or a work or school account.

With the v2 app model preview, it is possible to sign-in both personal and work users with a single button. Let’s take a quick look at the end user’s experience. We begin with your application, with the addition of a “Sign-in with Microsoft” button.

We’re using the Microsoft brand because end users don’t know about Azure or Azure Active Directory. But they do know that Windows, Outlook, OneDrive, Xbox, and Office 365 are services from Microsoft and they need an account from Microsoft to sign-in there.

When the user clicks the button, they come to a consolidated sign-in page:

The user enters their username. Under the covers we figure out if the username corresponds to a personal account or a work account. Then we take the user to the right page to enter their password. Today this may involve a redirect – in the future we’ll optimize this out.

This is awesome! I just love what Microsoft is doing with all the cool Azure offerings! That’s also why I’ve been digging deeper into this area lately and also took the Microsoft Specialist – Architecting Microsoft Azure Solutions exam and been playing around with Azure AD, DirSync and ADFS a lot.

Now with the whole release of Windows 10, Azure AD, Intune, ADFS and System Center we’re going to have a lovely story going forward with how to do client management going forward, just take a Windows 1o device, join it through Azure AD, Intune and federation and then sign in using your on-premise AD credentials. On top of that you can also then leverage Azure AD or federation with it for your SaaS apps as well and with SSO, and why not use the Azure connector to make your on-premise web apps available on the Internet with authentication as well!

Microsoft and Azure rocks!

Now also with the magic quadrant from Gartner that shows how well Microsoft is doing! It look very promissing, and just think about combingin all this also with Citrix Workspace cloud going forward! So great! 🙂

Gartner just released their Magic Quadrant for Identity Management as a Service (IDaaS) and after only ~10 months in market, Azure AD premium was placed in the “Visionary” quadrant, far to the right of our competitors for our completeness of vision and our ability to execute, only slightly below companies with established, multi-year track records.

If you are a Gartner client, you can find the report here. We will have a complimentary copy to share soon, so please check back.

We’re really pleased with this result. We believe it validates our vision of providing of a complete solution for hybrid identity management, a solution that includes not just a directory and employee identity management, but full suite of identity capabilities, an integrated device management offering (Microsoft Intune), leading edge information protection (Azure RMS) and a robust set monitoring and security capabilities.

I am especially delighted by this validation because it says a lot about our customers, implementation partners and ISV partners who have worked together with us. They have been awesome about sharing their time and energy every day, to make sure that the products and services we build meet their needs and are helping them position their companies to thrive in the emerging world of cloud and devices.

This graphic was published by Gartner, Inc. as part of a larger research document and should be evaluated in the context of the entire document. The Gartner document is available upon request from Microsoft.
Gartner does not endorse any vendor, product…

When working on Netscaler implementation projects, most of which tend to be internet-facing, one aspect that most organisations always perform is a penetration test. Having been through a number of these over the years, I thought it would be a good idea to share my experiences and some of the common aspects that get highlighted, to enable you to “pass first time” without having any remedial actions to work through and costly re-tests to perform.

The Netscaler has a number of IPs (NSIP, SNIP/MIP, Access Gateway VIPs etc) so what should you test against? The answer may well depend on corporate policy, but I usually test the internet-facing Access Gateway VIP and the management interface (NSIP). I also usually include StoreFront in any internal tests as this is an integral component of the overall solution, but I won’t cover StoreFront in this post.

Of course technically “bad guys” can only reach internet-facing IP addresses (as permissioned by your external firewall) but I recommend including internal-facing IPs for any DMZ-hosts to understand your exposure should another DMZ host get compromised (as your attacker can now potentially access internal IPs so the external firewall rules no longer protect you)

Remove unnecessary management tools (telnet and FTP are considered insecure so should alwaysbe disabled). Also remove SNMP if your Netscalers are not being monitored or managed by an external monitoring service.

Ensure that “Secure access only” is selected to force SSL access to the GUI

Ensure that management applications are only available on an internal IP (NSIP or SNIP). Open the IP properties for the IP addresses that won’t be used for management and untick “Enable management access”

Change the default nsroot password to something long (obvious you’d think but you’d be amazed how many Netscalers I’ve seen that I can just log straight into using the default credentials!)

If you have set up integrated AD authentication via LDAP for administrative access to the GUI, ensure that you have protected access using a filter group, otherwise anyone with a valid AD account will be able to access your Netscaler GUI (although they won’t be able to make any changes, it’s still not a good idea them having this access!)

If you haven’t seen this then have a look at what 2.2 now has to offer!

StorageZones for ShareFile Data — You can store ShareFile data in either Windows Azure cloud storage or a private single-tenant storage system that you maintain. You specify a storage option when you configure StorageZones for ShareFile Data.

What’s new

StorageZones Controller 2.2 provides the following enhancements:

Support for Windows Azure storage containers — If you have a Windows Azure account, you can use an Azure storage container for your private data storage instead of a locally-maintained share.

To get started create a new zone and choose the Azure option when you configure StorageZones for ShareFile Data.

Connectors to SharePoint root-level sites — You can now create a StorageZones Connector for a SharePoint root-level site or site collection, enabling users to navigate all of the subsites and document libraries in the site. To provide more limited access, you can continue to create connectors to individual SharePoint document libraries.

Connectors to user home drives based on Active Directory — You can now create a Connector for network file shares that reliably points to user home drives. To create a connector for user home drives, set the UNC path to the variable %homedrive%. StorageZones Controller will then create connectors based on the user home folder path property in Active Directory.

Installation on non-English operating systems — You can install the English version of StorageZones Controller on the following operating system versions: French, German, Japanese, Simplified Chinese, and Spanish.

Connect Office365 to AD for Free, with Okta

Simple Set Up and Configuration – Enabling AD integration is a simple, wizard driven process. With the click of a button from the Okta administrative console you can download the Okta Active Directory agent and install it on any Windows Server that has access to your Domain Controller.

Intelligent User Synchronization – Once the agent is installed and the initial user import takes place Okta intelligently processes the results.